Universal Plug-N-Play (UPnP) is a protocol that allows various network devices to auto-configure themselves. One of the most common uses of this protocol is to allow devices or programs to open up ports on your home router in order to communicate properly with the outside world (Xbox, for example, does this). The UPnP protocol is built on top of pre-existing protocols and specifications, most notably, UDP, SSDP, SOAP and XML.

This article will address some of the security issues related to UPNP, briefly describe the inner workings of the protocol, and show how to identify and analyze UPNP devices on a network using open source tools. While we will be specifically focusing on IGDs (Internet Gateway Devices, aka, routers), it is important to remember that there are many other devices and systems that support UPNP as well, and they may be vulnerable to similar attacks.

As always, please add your feedback here and make any suggestions for future articles.

Looks like a nice tool Erik; UPnP can defiantly be used to help identify hosts and devices on the network, but passive collection tools are very limited when it comes to a full analysis of UPnP. Really all you can glean from the multicast packets are the devices and services that a device supports, and in my experience even this usually isn't a complete list. Active queries and XML parsing is key if you want to really examine a UPnP implementation.